FRC issues revised Client Asset Assurance Standard (CASS)
26 Nov 2019
The Financial Reporting Council (FRC) has issued a revised standard for the audit of client assets, outlining rules for conforming with FCA rules and stressing the importance of independent judgment and scepticism
26 Nov 2019
The Client Asset Assurance Standard was last updated in 2015 and the revised rules come into effect from January 2020 for reporting client assets.
CASS auditors are required to comply with Financial Conduct Authority (FCA) rules on client assets, specifically the Client Assets sourcebook (CASS).
The revised standard reinforces the importance of ethical requirements for auditors, particularly those relating to independence. It stresses that CASS auditors must accept or continue a Client Asset Engagement only when the CASS auditor:
- has reason to believe that all relevant ethical requirements, including independence, will be satisfied;
- the CASS auditor is satisfied that those who are to perform the engagement, including the CASS engagement leader, have had appropriate training and will have the appropriate competence and capabilities; and
- the basis upon which the engagement is to be performed has been agreed between the CASS auditor and the firm, including the CASS auditor’s reporting responsibilities to the FCA and also the reporting (as set out in paragraph 135) of the most significant matters requiring attention, in the auditor’s professional judgment, to those charged with governance.
This standard establishes requirements and provides guidance for CASS auditors reporting to the FCA in accordance with its SUP (Supervision Manual) rules in respect of engagements that involve evaluating and reporting on a regulated firm’s compliance with the FCA’s CASS (client asset) rules and other rules relevant to the holding of client assets.
The content and wording of the Client Assets Report provided by the CASS auditor also have to be followed as set out in the Rules of the FCA and follow the templates in SUP 3 Annex 1R.
Any change to the wording or format of presentation has to be agreed in advance with the FCA.
The issue of quality control is also addressed, emphasising that the CASS engagement leader has overall responsibility for the quality of the work, and must have sufficient competence in the provision of assurance on client assets to accept responsibility for the assurance options set out in the client assets report. Staff working on the CASS audit also need to have relevant experience and training.
There is also strong emphasis on professional scepticism and professional judgment.
The standard states: ‘The CASS auditor shall exercise professional judgment in planning and performing an assurance engagement, including when determining the nature, timing and extent of procedures to be performed. The procedures to be performed shall be sufficient to address the engagement risk, and to provide the auditor with sufficient, appropriate evidence to support their reporting to the FCA and to those charged with governance.’
It also sets out more detail on how the auditor should review the CASS material, stating that ‘the engagement team shall assess the plausibility of information and explanations provided to it by those charged with governance and management.
‘Where appropriate the engagement team considers this in the context of their knowledge and their findings derived from other areas of work undertaken with the same firm, including, where appropriate, the statutory audit of the financial statements.’
However, in the new version, the FRC has made the distinction between Small CASS firms and large or medium. Large and medium firms are required to undertake an engagement quality control review.
Small CASS firms are only required to ‘use professional judgment’ as to whether this is necessary, considering factors such as the complexity of the business and whether they feel there is a risk of breaches of the CASS regime.
James Waller, technical writer at Croner-I said: ‘The intention of this revision is to build on the improvements made by the introduction of the CASS regime, in maintaining high quality reporting. The majority of the changes have therefore been relatively minor.’
As in the original 2015 standard, the FRC stresses that ‘if client assets are transferred to another legal entity such as a sub-custodian or third-party administrator the CASS auditor will need to have a clear understanding regarding which client assets are within the scope of the CASS rules on which it has a responsibility to provide assurance and to report Breaches of those rules, where appropriate’.
The standard is effective for reports to the FCA with respect to client assets for periods commencing on or after 1 January 2020.